Tuesday, 27 March 2012

Hacking Facebook accounts using Cookie Stealing and Session Hi-jacking


Warning: This is only for EDUCATIONAL purposes, to make you aware of how your FACEBOOK account may get HACKED so that you can PREVENT it from getting hacked!!!
The person posting this, or this blog, is not responsible for any type of malicious activity performed by anyone who is reading this!!!






Hey there!!! Many of you have been requesting me to post about FACEBOOK HACKING!!! Well, here it is for you!!!


Authentication cookies used by Facebook:

The cookie which Facebook uses to authenticate its users is called "Datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account. This is what a Facebook authentication cookie looks like:



datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;



An attacker may use a variety of methods to steal your Facebook authentication cookies, depending upon the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any ***Packet Sniffer*** and gain access to the victim's account.

If an attacker is on a switch-based network, he would use ***ARP Poisoning*** to capture authentication cookies. If an attacker is on a wireless network, he uses a tool called ***FIRESHEEP*** to capture the authentication cookie and gain access to the victim's account.

In the example below I will explain in simple STEPS how an attacker can capture your authentication cookies and hack into your Facebook account with ***Wireshark***.


Step 1 - First of all, download Wireshark from the official website and install it.


Step 2 - Next, open up Wireshark, click on Analyze and then click on Interfaces.


Step 3 - Next, choose the appropriate interface and click on Start.















Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.



Step 6 - Next, set the filter to http.cookie contains "datr" at the top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.

Step 7 - Next, right click on it and go to Copy - Bytes - Printable Text only.


Step 8 - Next, you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9 - Press Alt C to bring up the cookie injector and simply paste the cookie value into it.





Step 10 - Now refresh your page and ***BINGO***

***You are logged in to the victim's Facebook account.***


Now comes the important part!!!

HOW TO PROTECT YOUR ACCOUNT?

Well, the best way to protect yourself against a session hijacking attack is to use an "https://" connection each and every time you log in to any of your accounts on Facebook, Gmail, Yahoo or any other email account. Your cookies would then be encrypted, so even if an attacker manages to capture your session cookies he won't be able to do anything with them. Also avoid using unwanted apps in FACEBOOK. Keep changing your password frequently. Use tough passwords which are hard to guess, with a combination of uppercase and lowercase characters and symbols in between, to make the password very strong.
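The site operator's side of the same advice, as an added example that is not part of the original post: a cookie is only kept off plain http:// if the server marks it Secure, so this sketch audits a response's Set-Cookie headers for that flag, for HttpOnly, and for an HSTS header. The cookie name `session`, its value and the domain are constructed sample data.

```python
# Added example: audit Set-Cookie headers for the attributes that keep a
# session cookie off cleartext HTTP. All sample data below is constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure flag, also sent over plain http://")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly flag, readable by page scripts")
    return findings


def audit_response(headers):
    """Audit a list of (header-name, value) pairs from one HTTP response."""
    findings = []
    has_hsts = False
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings.extend(audit_cookie(value))
        elif key.lower() == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        findings.append("response: no Strict-Transport-Security header")
    return findings


# Constructed responses: hypothetical cookie name "session", made-up value.
WEAK = [("Set-Cookie", "session=abc123; Path=/; Domain=example.test")]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(response) or "no findings")
```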

Hope you ENJOYED this post!!! Please do bookmark and share if you liked this post!!! Cheers!!!

34 comments:

Latha Barbie said...

hey but how to get the exact person's cookie??

Rahul said...

You can use the existing hack tools for stealing a cookie.
(OR)
You can also perform an XSS attack to steal the cookie from the victim's web browser, which I will be discussing in my next post!!!

Anonymous said...

I got a copy of Windows, so is it that that makes the error come up when I try to open cookie injector?

rahul said...

great post

Kunal said...

Great info

thomas john said...

nice post!

Knowledge Adda said...

send me video plz - sachinpaija12@gmail.com

Sanjeet Kashyap said...

it was very interesting to go through the whole article. very informative one.
also check Amazing Hacking Tricks to know about Social Engineering with example.

Unknown said...

How is it possible sir to know how to hack whatsapp

Unknown said...

Nice Post about Hacking Social Media Apps. Keep it up..Good Work!!

Rahul Sharma said...

Thanks for this amazing article. Loved your post. Waiting for your next article.
